EU“RICA”! – Discovering what impact the amendments to Rica have on cell phone service providers and users

By Tanya Viljoen

In response to criminals misusing technology to further their criminal activities, the Regulation of Interception of Communications and Provision of Communication-Related Information Act 70 of 2002 (“RICA”) came into force in 2005. The aim of the Act is to regulate certain aspects of communications and to legalise the interception of communications in specific instances, for example, where it is reasonably believed that a serious offence is about to be committed.

The RICA Amendment Act of 2008 (“RICA Amendment Act”) came into effect on the 1st July 2009, (with the exception of Section 3 of the act, which deals with offences and penalties if provisions in the act are not complied with, and only comes into operation on the 1st August 2009). The latest amendments have extended the ambit of the act considerably, as it infringes upon the privacy of all cellular phone users.

In terms of Section 14(d) of the Constitution,”everyone has the right to privacy, which includes the right not to have the privacy of their communications infringed.” However Section 36 of the Constitution directs that Constitutional rights can be limited where it is “reasonable and justifiable...”

The RICA Amendment Act has received a negative public reaction thus far, as the perception is that the infringements on privacy are not reasonable and justifiable, and the constitutionality of certain provisions of the new RICA Amendment Act will most likely be challenged.

Impact of the RICA Amendment Act

Mobile Cellular Providers

The personal particulars that Mobile Cellular Providers (eg. MTN, Cell C, Vodacom and Neotel) are now required to obtain from their customers, are similar to what a financial institution requires from their customers before opening a bank account, i.e. full name and identity number, an address and proof of the same in the case of an individual and in the case of a juristic person, the name and address and registration number of the juristic person. The provider will also need to record the Mobile Subscriber Integrated Service Digital Network Number (“MSISDN – number”) of the Subscriber Identity Module (“SIM”) card allocated to the customer. Furthermore, these records must then be stored for 5 years after the contract has been cancelled.

New Customers

Section 40, as amended, stipulates that mobile cellular providers must obtain and verify a new customer’s personal particulars before activating a new SIM card. So at present no one should be able to have a new SIM card activated without complying.

Existing Customers

Section 62(6), as amended, stipulates that mobile cellular providers have 18 months from the 1st July 2009 to obtain, verify and capture the required personal particulars of their existing clients. If the information is not captured within this time frame the relevant provider is obliged to deactivate the SIM card.


Foreigners are also required to provide their personal particulars when applying for a local SIM card even if they only opt for a prepaid account.


Employers who issue employees with SIM cards will have the same responsibility as the cell-phone providers and must ensure that they have obtained, verified and recorded each employee’s personal particulars and the MSISDN –number for the SIM card they have been allocated.

Practical Implications

As the similar verification process prescribed by the Financial Intelligence Centre Act of 2001 (“FICA”) for account holders of financial institutions has already shown, determined criminals will still succeed with money laundering and other criminal acts by opening accounts with false documents, or having someone on the inside arrange for their documents to go missing, or even paying someone on the inside to activate the account without providing any personal particulars, so that they cannot be traced.

No doubt the same issues will arise with RICA and although regulating the use of SIM cards is aimed at deterring criminals, these are some of the challenges that will need to overcome when enforcing RICA:

The submission of false identity documents and utility bills;
Staff need to be adequately trained to correctly verify and record data;
The MSISDN – number on the SIM card may be incorrectly captured;
Foreign addresses will be difficult to verify;
Theft or swopping of SIM cards may occur which are then used to commit crimes;
A person’s phone can be used without them knowing;
Crime Syndicates are likely to prey on vulnerable people and coax them into opening accounts on their behalf in exchange for a small fee;
Exposure of privacy issues, especially if numerous employees of Mobile Cellular Providers have access to databases storing the personal details of their customers, as dishonest employees could possibly sell or misuse the information;
Criminals will circumvent RICA by using foreign registered SIM cards, that are not so strictly regulated;
Foreign tourists (especially tourists coming for the 2010 world cup) will need to be educated, as they won’t necessarily have proof of address on them when wanting to activate a prepaid account.

Perhaps former American Judge and Politician Earl Warren (1891-1974) was way ahead of his time when he said: “The fantastic advances in the field of electronic communication constitute a greater danger to the privacy of the individual.”